Running Debian Etch with Samba-3.0.24 and ldap...
I've set up a few users as part of the admin group and one in the users
group. When I log onto the XP machine they can see their home drives but I
get a command prompt asking for username and password for the server
(usit-file). Not even admin can login though. Even if I log onto the XP
machine as the domain admin I can't access the share.
The relevant bits:
smb.conf:
workgroup = usit
server string = %h server
wins support = yes
wins server = 10.133.1.21
dns proxy = yes
name resolve order = lmhosts host wins bcast
interfaces = 127.0.0.0/8 10.133.0.0/16 eth0
log file = /var/log/samba/log.%m
max log size = 1000
syslog = 10
panic action = /usr/share/samba/panic-action %d
security = user
encrypt passwords = true
passdb backend = ldapsam:ldap://10.133.1.21
ldap suffix = dc=usit,dc=ie
ldap machine suffix = ou=machines
ldap user suffix = ou=users
ldap group suffix = ou=groups
ldap admin dn = cn=admin,dc=usit,dc=ie
ldap delete dn = no
obey pam restrictions = yes
ldap password sync = yes
invalid users = root
ldap passwd sync = Yes
passwd program = /usr/sbin/smbldap-passwd %u
passwd chat = *New*password* %n\n *Retype*new*password* %n\n
*all*authentication*tokens*updated*
domain logons = yes
enable privileges = yes
logon path = <file://\\%N\profiles\%U> \\%N\profiles\%U
logon path = \\%N\%U\profile
logon drive = H:
logon home = <file://\\%N\%U> \\%N\%U
logon script = logon.bat
add machine script = /usr/sbin/smbldap-useradd -w "%u"
add user script = /usr/sbin/smbldap-useradd -m "%u"
ldap delete dn = Yes
delete user script = /usr/sbin/smbldap-userdel "%u"
add machine script = /usr/sbin/smbldap-useradd -w "%u"
add group script = /usr/sbin/smbldap-groupadd -p "%g"
delete group script = /usr/sbin/smbldap-groupdel "%g"
add user to group script = /usr/sbin/smbldap-groupmod -m "%u"
"%g"
delete user from group script = /usr/sbin/smbldap-groupmod -x "%u"
"%g"
set primary group script = /usr/sbin/smbldap-usermod -g "%g"
"%u"
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
domain master = yes
preferred master = yes
[homes]
comment = Home Directories
browseable = no
writable = yes
create mask = 0700
directory mask = 0700
valid users = %S
inherit acls = Yes
[netlogon]
comment = Network Logon Service
path = /home/samba/netlogon
guest ok = yes
writable = no
share modes = no
write list = "@admins"
[profiles]
comment = Users profiles
path = /home/samba/profiles
path = %H
guest ok = no
# browseable = no
store dos attributes = Yes
create mask = 0600
directory mask = 0700
[shared]
comment = Shared folder
path = /data/Shared
# force group = users
read only = no
create mask = 0770
directory mask = 0770
valid users = @admin,@users
Permissions:
usit-file:~# ls -la /data/
total 16
drwxr-xr-x 4 root root 4096 2007-06-07 16:33 .
drwxr-xr-x 25 root root 4096 2007-06-08 14:52 ..
drwxr-xr-x 3 root root 4096 2007-06-07 16:33 AQ
drwxrwx--- 15 root users 4096 2007-06-08 11:51 Shared
Users:
admin:*:0:20000:admin :/home/users/admins/in:
gal_script$:*:30000:515:Computer:/dev/null:/bin/false
ie-aqd-w089$:*:30001:515:Computer:/dev/null:/bin/false
aqd-christian$:*:30002:515:Computer:/dev/null:/bin/false
chris.boyd:*:1000:20000:Chris Boyd:/home/chris.boyd:/bin/bash
emmett.sutton:*:1001:20000:Emmett Sutton:/home/emmett.sutton:/bin/bash
bob.bobson:*:1002:20001:Bob Bobson:/home/bob.bobson:/bin/bash
Logon.bat:
net time \\usit-file /set /yes
net use s: \\usit-file\Shared
-----------------------------------------------------------------
This email message is intended only for the addressee(s)
and contains information that may be confidential and/or
copyrighted. If you are not the intended recipient please
notify the sender by reply email and immediately delete
this email. Use, disclosure or reproduction of this email
by anyone other than the intended recipient(s) is strictly
prohibited. USIT has scanned this email for viruses and
dangerous content and believes it to be clean. However,
virus scanning is ultimately the responsibility of the recipient.
-----------------------------------------------------------------
USIT Ireland Ltd. Company No. 377526. Registered Office 19/21 Aston Quay Dublin
2.
